User`s manual
285
DWS-1008 User’s Manual
D-Link Systems, Inc.
Conguring AAA for Network Users
The following command sets the Bonded Auth period to 60 seconds, to allow time for WEP
users to reauthenticate:
DWS-1008# set dot1x bonded-period 60
success: change accepted.
Displaying Bonded Auth Conguration Information
T
o display Bonded Auth conguration information, use the following command:
show dot1x cong
In the following example, bob.mycorp.com uses Bonded Auth, and the Bonded Auth period
is set to 60 seconds.
DWS-1008# show dot1x cong
802.1X user policy
----------------------
‘host/bob-laptop.mycorp.com’ on ssid ‘mycorp’ doing PASSTHRU
‘bob.mycorp.com’ on ssid ‘mycorp’ doing PASSTHRU (bonded)
802.1X parameter setting
---------------- -------
supplicant timeout 30
auth-server timeout 30
quiet period 60
transmit period 5
reauthentication period 3600
maximum requests 2
key transmission enabled
reauthentication enabled
authentication control enabled
WEP rekey period 1800
WEP rekey enabled
Bonded period 60
Information for the 802.1X authentication rule for the machine (host/bob-laptop.mycorp.com)
is also displayed. However, the bonded option is congured only for the user’s authentication
rule. The bonded option applies only to the authentication rules for users, not the authentication
rules for machines.
Conguring Authentication and Authorization by MAC Address
You must sometimes authenticate users based on the MAC addresses of their devices rather
than a username-password or certicate. For example, some Voice-over-IP (VoIP) phones
and personal digital assistants (PDAs) do not support 802.1X authentication. If a client does
not support 802.1X, MSS attempts to perform MAC authentication for the client instead. The
switch can discover the MAC address of the device from received frames and can use the
MAC address in place of a username for the client.